WARNING RE. JAVA 2 RUNTIME ENVIRONMENT ( ! )

jlfonline

My home PC is running XP HE OS. Recently, I wanted to join into some Yahoo!
chat rooms my brother frequents. He lives about 400 miles from me, and it
would be a fun way to keep in touch. I found that I needed to have Java
installed to use the chat rooms. I clicked on the link supplied via Yahoo!,
and it took me to a MS website page. There, I found a message that MS had
recently lost a lawsuit vs. Sun Microsystems(?), and could no longer supply
the Virtual Machine. They intend to create a substitute utility using the
.NET technology, but for the moment the visitors would have to go to the Sun
site & get the Java from Sun.

I clicked on the link I found on the MS page, went to the Sun website, & did
an automated download/install of the JAVA 2 RUNTIME ENVIRONMENT. It went
very smoothly, with no hitches that I could discern. I went offline &
rebooted my system. Got back online, and visited Yahoo! again. To my
disgruntlement, I still couldn't use the chat rooms. I haven't figured out
why, yet.

The trouble showed up later, while surfing and snooping around on the web. I
clicked on a link, and POOF! The Java Runtime loaded itself and ran an
applet. The applet in question was a data-mining applet, which tried to dump
my memory contents, history, etc. online to the applet owner. I quickly shut
down the browser, went offline, & rebooted the machine. I don't think they
got very much, since I'm currently limited to a 28K connection in this
remote location.

I examined my custom Internet Options settings, and made sure all the
Java-related stuff was disabled. I ran Norton's Antivirus 2000 & Ad-Aware
(both, are updated to current par). Found nothing via either one. Went back
online. A short while later, it happened again - SPY ATTACK!!! I quickly
got offline, etc. Examining the Internet Options closely, I discovered that
there was a new item found via the "Advanced" tab, controlling use of Java.
I unchecked it, hoping that had been the culprit causing such a security
breach.

Going back online again, I checked and re-checked that new setting to make
sure it was still disabled (and, all the other related settings, too). It
was & they were. However, after a while of surfing - POOF! There was the
Java Runtime activating itself, and running a data-mining applet for the
current website! I again quickly got offline, etc.

It was at this point, that I uninstalled the JAVA 2 RUNTIME ENVIRONMENT. I
did it via the Control Panel "Add/Remove Programs" utility. It seemed to go
smoothly; without a hitch. Almost immediately, though, when I began to use
the system in a normal manner again, a new dysfunction showed up. It was
linked to usage of Windows Explorer - clicking on opening a folder would
cause a new window to open (I have the settings set for re-using the same
window). This new window was maximized into Full Screen mode. I know this,
because I could see a new no-name window indicator in the taskbar at the
bottom of the screen, immediately before the taskbar vanished. It was
complete and utterly blank, lacking any details or controls. The only escape
was to trigger the Task Manager via Ctrl-Alt-Del, and shut down the Windows
Explorer task. Then, it all seemed normal again. However, NOTE: In the Task
Manager, the only window which was listed as active was the original window
I'd been using.

This dysfunction didn't happen every time. It didn't even happen that
often - it seemed unpredictable, and also unavoidable. The solution, which
I've done today, was to roll back the OS to the last auto checkpoint found
BEFORE the checkpoint where the JAVA 2 RUNTIME ENVIRONMENT was installed. I
think this has solved the problem; at least, the dysfunction hasn't recurred
yet. I'll know in a week or so, whether this was a truly enduring repair to
prevent that dysfunction.

I'd like to recommend that MS create an OS patch designed to seal the
security breach caused by the JAVA 2 RUNTIME ENVIRONMENT. This patch should
be designed for application AFTER the Java utility has been installed, and
labelled in BIG LETTERS, that this is the case. Naive as I am, it seems to
me that the security breach is the direct result of MS losing the lawsuit -
Sun isn't constrained now, re. what it does w/ the Runtime Environment,
because the competition no longer can compete. The only option for those who
want Java, is to shop at the company store - and, the price has become
exorbitant now that the competition was knocked out of the market; i.e., all
who use Java must allow data mining of their private computer's contents.
The best solution seems to me to be an OS patch designed to seal that
security breach after it's been created. You can't seal the breach
beforehand, because that leaves the option of programming OS alterations to
occur during installation of the Runtime Environment; i.e., they might be
able to disable the patch during the installation process, or create their
security breach via a different method which side-steps the existent patch.
So, it needs to be a "fix" applied to fine-tune & limit what the Runtime
Environment is allowed to do, applied after installation has been completed.

I'm rather pissed off, that the only way to have JAVA for the chatrooms is
to leave such a gaping security hole while I'm online. I heartily recommend
to all who read this message, that they don't attempt to install & use the
JAVA 2 RUNTIME ENVIRONMENT. In fact, pass the word & let others know they're
at risk too. I think doing so constitutes a social service. As you can see,
I've done my part via taking the time to write it all out & post this. Now,
do yours.


JLF
 
Bill Moyer

jlfonline said:
I clicked on the link I found on the MS page, went to the Sun
website, & did an automated download/install of the JAVA 2 RUNTIME
ENVIRONMENT.

The trouble showed up later, while surfing and snooping around on the
web. I clicked on a link, and POOF! The Java Runtime loaded itself
and ran an applet. The applet in question was a data-mining applet,
which tried to dump my memory contents, history, etc. online to the
applet owner. I quickly shut down the browser, went offline, &
rebooted the machine. I don't think they got very much, since I'm
currently limited to a 28K connection in this remote location.

What makes you think the same problem would not have occurred with the MS
Java VM (which some of us have installed)?

What are your security settings for the Internet Zone? Are Java applets
allowed to roam free?

What was the link? I use the Sun J2SE, and I'd love to check it out.
(Let me guess... you can't provide a link... "It was just something I
came across; I can't find it now.")
 
Mike Mulligan

Can I option the movie rights for your post?

BTW, Java works great for me. No spyware of any kind.

Mike Mulligan
 
Guy Scharf

jlfonline said:
The trouble showed up later, while surfing and snooping around on
the web. I clicked on a link, and POOF! The Java Runtime loaded
itself and ran an applet. The applet in question was a data-mining
applet, which tried to dump my memory contents, history, etc.
online to the applet owner. I quickly shut down the browser, went
offline, & rebooted the machine. I don't think they got very much,
since I'm currently limited to a 28K connection in this remote
location.

I find this entire story hard to believe. Please provide the URL of the
web page that loaded the applet that tried to dump your "memory
contents, history, etc. online to the applet owner." How do you know
that is what it was doing? I'd like to examine the URL and applet
myself to see if it really does what you describe.

Guy
 
Alexander Grigoriev

I guess the link in question just opened a scary window saying "Your memory
and history being dumped!" (all your base are belong to us)...
 
Ron Morse

I don't know what's going on with your system, but the
problem is not in the JRE runtime.

Regards
 
Sharon F

The link being provided by Yahoo! is:
[huge snippage]

I have both the MS and the Sun JVM's installed. Have not seen the behavior
described with either one of those. To me it sounds like the author
mistakenly attributed the spyware like activity to Sun's JRE. It is more
likely that they installed a bit of spyware around the same time as the JRE.
Using System Restore removed the undiscovered spyware at the same
time it removed the remnants of their JRE installation.
 
